NVD Vulnerability Detail

CVE-2015-10093

Summary	A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plugin/plugin.php. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 1.0.2 is able to address this issue. The identifier of the patch is e7059727274d2767c240c55c02c163eaa4ba6c62. It is recommended to upgrade the affected component. The identifier VDB-222325 was assigned to this vulnerability.
Publication Date	March 6, 2023, 4:15 p.m.
Registration Date	March 7, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 11:24 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mark_user_as_spammer_project:mark_user_as_spammer:1.0.0:::::wordpress::
cpe:2.3:a:mark_user_as_spammer_project:mark_user_as_spammer:1.0.1:::::wordpress::

Related information, measures and tools

No	URL	タグ
1	https://github.com/korobochkin/mark-user-as-spammer/commit/e7059727274d2767c240c55c02c163eaa4ba6c62	Patch
2	https://github.com/korobochkin/mark-user-as-spammer/commit/e7059727274d2767c240c55c02c163eaa4ba6c62	Patch
3	https://github.com/korobochkin/mark-user-as-spammer/releases/tag/v1.0.2	Release Notes
4	https://github.com/korobochkin/mark-user-as-spammer/releases/tag/v1.0.2	Release Notes
5	https://vuldb.com/?ctiid.222325	Third Party Advisory
6	https://vuldb.com/?ctiid.222325	Third Party Advisory
7	https://vuldb.com/?id.222325	Third Party Advisory
8	https://vuldb.com/?id.222325	Third Party Advisory

Common Vulnerabilities List

JVN Vulnerability Information

mark user as spammer project の WordPress 用 mark user as spammer におけるクロスサイトスクリプティングの脆弱性

Title	mark user as spammer project の WordPress 用 mark user as spammer におけるクロスサイトスクリプティングの脆弱性
Summary	mark user as spammer project の WordPress 用 mark user as spammer には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	情報を取得される、および情報を改ざんされる可能性があります。
Solution	ベンダアドバイザリまたはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。
Publication Date	March 6, 2023, midnight
Registration Date	Nov. 7, 2023, 1:56 p.m.
Last Update	Nov. 7, 2023, 1:56 p.m.

Affected System

mark user as spammer project

mark user as spammer 1.0.0

mark user as spammer 1.0.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2015-10093	https://www.cve.org/CVERecord?id=CVE-2015-10093
National Vulnerability Database (NVD)
2	CVE-2015-10093	https://nvd.nist.gov/vuln/detail/CVE-2015-10093

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

その他

No	Name	URL
関連文書
1	github.com (e7059727274d2767c240c55c02c163eaa4ba6c62)	https://github.com/korobochkin/mark-user-as-spammer/commit/e7059727274d2767c240c55c02c163eaa4ba6c62
2	github.com (v1.0.2)	https://github.com/korobochkin/mark-user-as-spammer/releases/tag/v1.0.2
3	vuldb.com (ctiid.222325)	https://vuldb.com/?ctiid.222325
4	vuldb.com (id.222325)	https://vuldb.com/?id.222325

Change Log

No	Changed Details	Date of change
1	[2023年11月07日] 掲載	Nov. 7, 2023, 1:56 p.m.